RSA Security LLC
174 Middlesex Turnpike
Bedford, MA 01730
T 781 515 5000
F 781 515 5450
Many people have pointed out the folly of making predictions. The risk/reward of doing so is out of balance.
When you predict correctly, the predictions look obvious in hindsight. When you predict incorrectly, the best case
is that no one remembers and the worst case is that you become a cautionary tale for others (Ken Olsen’s famous
“There is no reason anyone would want a computer in their home” comes to mind). So being fully aware of the
folly of my undertaking, I once again take up my pen (or keyboard, as the case may be) and share some of my
thoughts about 2013 and what it portends for 2014.
IDC has cleverly delineated the evolution of computing over the past 40+ years into three eras or platforms. After
the mainframe and client/server eras of the 70’s and 90’s came the third platform, the onset of which began in
2007 with the launch of the iPhone, and in which Cloud, Big Data and Social are the dominant environments and mobile
devices are the endpoints.
The third platform has matured rapidly since its emergence. 2013 was no exception. Adoption of Software as a
Service (SaaS) has grown significantly and that growth continues to accelerate. Adoption of Infrastructure as a
Service (IaaS) is on a similar growth trajectory. Increasingly, businesses are demanding access to business applications on their mobile devices as the office becomes more and more virtual.
Yet in a recent independent global survey of 3200 IT and business decision-makers, sponsored by EMC, two of the
top security concerns identified across all respondents were third party access of company applications (43%)
and mobile access to corporate networks (40%), pointing to the need for more advanced technologies and intelligence-driven security solutions in the era of the third platform.
Against this backdrop, one of the biggest or at least most persistent stories of 2013 was the interplay between
security and privacy thanks to the NSA revelations.
So with this context, I will peer into my crystal ball and make my top 5 prognostications for 2014:
1. BYOD is so 2013. The new thing is BYOI – One of the interesting trends of the third platform has been the
consumerization of IT as companies have given employees greater latitude in accessing corporate resources
and data via their own personal devices (BYOD). The next evolution of this trend will be the consumerization
of ID or identity as employees increasingly push for a simpler, more integrated system of identification for all
of the ways they use their devices. Identity will be less entrusted to third parties and increasingly be something closely held and managed by individuals – as closely as they hold their own devices. 2014 will be the
dawn of Bring (and control) Your Own Identity (BYOI).
2. The return of the insider threat – The insider threat is an issue that seems to rise and fall like fashion in our
collective consciousness. The events of the past year have brought the issue front and center once again in
a powerful way. In 2014, we will see companies pay greater attention to the insider threat and take steps to
protect themselves from the risk of substantial damage to revenue, brand and even business continuity.
3. The future is cloudy – While public clouds have been gaining some momentum for certain workloads
during the past couple of years, the NSA revelations and questions about the security of those clouds
could slow that momentum. We’ve seen companies rethinking their public cloud strategies and even
governments in Europe advocating for the Balkanization of public clouds so that they reflect national
borders. Expect public cloud providers to aggressively address the security of their clouds as a competitive differentiator and to stave off these threats to their business. Providers of cloud security should
have a banner year in 2014.
4. 2014 is the tipping point year of mobile malware – As businesses provide greater mobile access to critical business applications and sensitive data and consumers increasingly adopt mobile banking, it is
easy to see that mobile malware will rapidly grow in sophistication and ubiquity in 2014. We’ve already
seen a strong uptick in both over the past few months and expect this is just the beginning of a huge
wave. We will see some high-profile mobile breaches before companies and consumers realize the
risk and take appropriate steps to mitigate it. Interestingly, The Economist recently featured an article
suggesting such fears were overblown. Probably a good idea to be ready just the same.
5. The Internet of Things – As we saw at Black Hat this past summer, the hacking target of tomorrow is
not PCs or even mobile devices; it’s the Internet of Things or the growing network of devices that sense
and control real-world systems. From cars to medical devices to smart electrical grids, we will see an
increasing number and growing sophistication of attacks on the Internet of Things. We will see more
attacks that have truly destructive – as opposed to disruptive – power.
There are, of course, numerous other trends of interest – from the emergence of memory-only and other
short-term malware to Bitcoin hysteria to greater threat information sharing between companies and industries. Suffice it to say, 2014 will be another interesting year for security. While there are certainly significant
challenges ahead of us, my conversations with our customers, partners, and industry peers leave me more
confident than ever in our ability to meet those challenges head on. All in all, it’s the industry’s growing
adoption of an Intelligence-Driven Security model, leveraging Big Data, in-depth analytics and dynamic,
integrated controls to provide contextually-aware security, which is enabling companies to effectively address
the challenges they can see today and those still beyond the horizon, that does give me confidence, I think, I
hope, I pray! Together, we will deliver a trusted digital world.